D
darrel
I know I'm sounding like a broken record. I already asked this question last
week.
Alas, this question seems to be getting very few responses no matter how I
word it or where I post it. Apparently, this is a rather rare occurance (or
maybe people just don't like me...both pluasible theories... ;o)
So, anyways, I'll post it in here one last time as a hail marry...
I'm building an application that can manage some images that are uploaded.
You can upload them, save them, and delete them.
I'm having problems with the delete portion. My directory structure is such:
approot (folder)
images (folder)
deleteTest (aspx page)
admin (forms authenticated folder)
delete (aspx page)
both 'delete' and 'deleteTest' pages in my sample above use the exact same
syntax to delete a file within the images folder.
'deleteTest' does it just fine. 'delete' on the other hand, prompts me for a
username/password then tells me permission is denied on the /images folder.
On both pages, I'm writing out the user information. BOTH pages return the
exact same information:
Page.User.Identity.Name: testlogin
System.Security.Principal.WindowsIdentity.GetCurrent().Name:
WIN17\abernath
System.Threading.Thread.CurrentPrincipal.Identity.Name: testlogin
'testlogin' is blank on the 'deleteTest' page if I haven't yet logged in.
Either way, though, that page can delete files just fine.
So, I'm stumped. It appears both threads are running as the same user, but
if I run the function from within my authenticated error, I'm denied access.
My web host claims all appropriate permissions are set.
Some theories I've gotten from others:
- I need to impersonate (though impersonate what? ASPNET?)
- I need to allow the server to grant permission to authetnicated users
(can I do that via my app, or would that be something the web
host always has to set up manually?)
- ???
I'm at the point where I'm just going to do a really hacky workaround:
I'll have a 'deleteConfirm' page OUTSIDE my authenticated folder. From
within my authenticated folder, when someone clicks DELETE, the image
information to delete will be saved in a DB table, then the page will
redirect to the 'deleteConfirm' page which will then look into that same
table and if it sees any data, will grab it, delete the images, then delete
the data. Seems OK, but, obviously, an insane workaround. ;o)
Is there anyone with IIS/asp.net/permission experience that could shed some
light on this problem for me?
Thanks!
week.
Alas, this question seems to be getting very few responses no matter how I
word it or where I post it. Apparently, this is a rather rare occurance (or
maybe people just don't like me...both pluasible theories... ;o)
So, anyways, I'll post it in here one last time as a hail marry...
I'm building an application that can manage some images that are uploaded.
You can upload them, save them, and delete them.
I'm having problems with the delete portion. My directory structure is such:
approot (folder)
images (folder)
deleteTest (aspx page)
admin (forms authenticated folder)
delete (aspx page)
both 'delete' and 'deleteTest' pages in my sample above use the exact same
syntax to delete a file within the images folder.
'deleteTest' does it just fine. 'delete' on the other hand, prompts me for a
username/password then tells me permission is denied on the /images folder.
On both pages, I'm writing out the user information. BOTH pages return the
exact same information:
Page.User.Identity.Name: testlogin
System.Security.Principal.WindowsIdentity.GetCurrent().Name:
WIN17\abernath
System.Threading.Thread.CurrentPrincipal.Identity.Name: testlogin
'testlogin' is blank on the 'deleteTest' page if I haven't yet logged in.
Either way, though, that page can delete files just fine.
So, I'm stumped. It appears both threads are running as the same user, but
if I run the function from within my authenticated error, I'm denied access.
My web host claims all appropriate permissions are set.
Some theories I've gotten from others:
- I need to impersonate (though impersonate what? ASPNET?)
- I need to allow the server to grant permission to authetnicated users
(can I do that via my app, or would that be something the web
host always has to set up manually?)
- ???
I'm at the point where I'm just going to do a really hacky workaround:
I'll have a 'deleteConfirm' page OUTSIDE my authenticated folder. From
within my authenticated folder, when someone clicks DELETE, the image
information to delete will be saved in a DB table, then the page will
redirect to the 'deleteConfirm' page which will then look into that same
table and if it sees any data, will grab it, delete the images, then delete
the data. Seems OK, but, obviously, an insane workaround. ;o)
Is there anyone with IIS/asp.net/permission experience that could shed some
light on this problem for me?
Thanks!